PHP bug or expected results?


Hello, i am suddenly experiencing an issue with PHP. I am not sure if it is a bug or if it is supposed to occur.

i assign a variable the output of a function:

$varTest1 = functionTest();

then i assign the value of this variable to a session:

$SESSION['myTest'] = $varTest1;

this works fine until i use this method more than once.
then it appears to me that the function is run and a new value is returned.
I decided to test this with a random bytes and the values are changing.

is this supposed to happen? i thought that the variable would store the output of the function and not run the function endlessly.

if this is supposed to happen, then how am i supposed to store a value of a function in a variable and also in a session variable?


The function will run every time it is called. Ditch the unneeded variable and put the function result directly in the session. The session should be enclosed in code that checks whether it has been set or not. If not set, set it, otherwise ignore.

$SESSION['myTest'] =  functionTest();
1 Like

There’s no way to test this scenario with the limited information provided, at least because it’s unknown what “again” means, and it makes no sense without context as calling the funtion twice means running the function twice and calling the script twice (as in two requests) also means running the function twice, with the results of getting different data if that’s the purpose of the function.


Hello and good day to you, Benanamen.

I played with various settings and this is what worked for me (ditching the variable).
witholding opinions (because i don’t care either way), i’m giving all of my form inputs random names and in certain cases random values. Everything is working well until today. I assumed that the variable would run the function to get a value. Then, i assumed that i could asign this value to a session by variable. Wasted space/memory using a variable. I switched to using a session variable, then just echo the session variable. Now it works.

I didn’t see your post because i do not connect to internet on my work pc / i always remove network cards and disable bluetooth and infrared transfers. Anyway, i explained before that my monitor hinge exploded and damaged the monitor. The manufacturer didn’t replace the monitor. I have yet to purchase a second external monitor. This is a problem because my internet browsing laptop monitor is also kaput. I have to share my large external monitor.

I will use this format instead, to be sure that i don’t have any further issues. Especially, when going live in the near future. I changed my code as such:

$SESSION['loginSecurity']['loginSubmitButtonName'] = createRandomID();

<input type="submit" name="<?php print $SESSION['loginSecurity']['loginSubmitButtonName']; ?> />

the problem earlier, is that i got a second and unique value when using the print statement. Thus, setting the session created one value, print statement created a second value. This didn’t happen until today, whenever i moved the code outside of the root and implemented a require file. I think that i will have to use your method in order to prevent a second unique value.

Thank you very much.


Just to be sure that everyone is understanding this problem, i want to clarify the matter. This is important because it could break everything that alot of us are doing in our code.

problem noticed: create a variable, assign the output of a function to this.
echo/print this variable and it reruns the function. even in a print statement.

this could break my code for a csrf token:
$secret = random bytes
then hash_hmac $secret might get a new value.
I think that this is odd. How can we be sure that the random bytes is not generated a second time? this really happened to me today. I am worried that php will break my code. How can we generate a random string and store it in a variable, then use this variable without the risk of a new random string being generated? I am very uncomfortable with this.


this is just not happening


for you but this statement is an insult. I am not stupid and my Wife seen the entire situation. It really happens with my code. I had to completely strip the function and use the suggestion by benanamen. I’m not going to post my private login script. So go ask Facebook to post theirs and see if you get a reply. My code is private, albeit the output is public. I’ll have to try to recreate this scenario without my entire code block.

you know, many years ago in the 90s, i noticed that people were using java applets. I hated java then and now. I decided to try an applet because my image editor bundled an applet maker into the software. I used PhotoImpact. Ulead doesn’t exist anymore so i think it is okay to mention it (not spamming by any means. delete the statement if you think it is spam.)

anyway, i always disabled applets, active-x and active scripting in IE internet options. I forgot to enable the applets but i noticed that the applet loaded. I checked my settings and applets were disabled. I found an exploit by accident. One month later, i saw a security update by Microsoft regarding java applets running when disabled. lol. I all ready knew about it. My point is that perhaps this is a problem with xampp.

I always copy and paste my htdocs and outside of root folder when i make new changes, so this original code is still intact. I will try to find the cause of this problem, then i will post here again.

i tell you it was happening and my Wife saw it happen.

I remember that i reused my token function and didn’t change the function. I’m not trying to optimize my code now, so the function is sloppy because i have remnants of the token output:

function createRandomName() {
$NewRandomName = base64_encode(random_bytes(12)); //16 padded
return $NewRandomName;

i never removed the $NewToken line. I am aware that i should just return a random bytes but optimizing is not my place here. Anyway, all of the code together could be a problem. I’ll explore my backup pages tomorrow. I need to get away from the pc now. I am tired.

1 Like

okay, so i’ve loaded these files a dozen times now and the result is normal. I’ve checked php and xampp for this problem and nothing. The only culprit left is Windows 10. From time-to-time i have issues with Windows 10, including an abrupt shutdown. I have no idea what would happen that would effect xampp and php. I’ll have to update my system and see if the problem returns or not.

1 Like